CVSS: 8.1EPSS: 0%CPEs: 21EXPL: 1CVE-2020-11027 – Password reset links invalidation issue in WordPress
https://notcve.org/view.php?id=CVE-2020-11027
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, un enlace de restablecimiento de contraseña enviado por correo electrónico a un usuario no caduca tras cambiar la contraseña del usuario. Se necesitaría el acceso a la cuenta de correo electrónico del usuario por una parte maliciosa para una ejecución con éxito. • https://www.exploit-db.com/exploits/51531 http://packetstormsecurity.com/files/173034/WordPress-Theme-Medic-1.0.0-Weak-Password-Recovery-Mechanism.html https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-11028 – Unauthenticated disclosure of certain private posts in WordPress
https://notcve.org/view.php?id=CVE-2020-11028
In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, algunas publicaciones privadas, que anteriormente eran públicas, pueden resultar en una divulgación no autenticada bajo un conjunto específico de condiciones. Esto ha sido corregido en la versión 5.4.1, junto con todas las versiones afectadas anteriormente mediante una versión menor (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-284: Improper Access Control CWE-306: Missing Authentication for Critical Function •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11030 – Cross-site scripting (XSS) in Search block in WordPress
https://notcve.org/view.php?id=CVE-2020-11030
In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, puede ser diseñada una carga útil especial que puede conllevar a que los scripts sean ejecutados dentro del bloque de búsqueda del editor de bloques. Esto requiere un usuario autenticado con la capacidad de agregar contenido. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 8.7EPSS: 0%CPEs: 21EXPL: 0CVE-2020-11026 – Specially crafted filenames in WordPress leading to XSS
https://notcve.org/view.php?id=CVE-2020-11026
In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file. This requires an authenticated user with privileges to upload files. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33). En las versiones afectadas de WordPress, los archivos con un nombre especialmente diseñado cuando se cargan en la sección Multimedia pueden conllevar a una ejecución de script al acceder al archivo. Esto requiere un usuario autenticado con privilegios para cargar archivos. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2 https://lists.debian.org/debian-lts-announce/2020/05/msg00011.html https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-16781 – Stored cross-site scripting (XSS) in WordPress block editor
https://notcve.org/view.php?id=CVE-2019-16781
In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS. En WordPress versiones anteriores a 5.3.1, los usuarios autenticados con privilegios más bajos (como los contribuyentes) pueden inyectar código JavaScript en el editor de bloques, que es ejecutado dentro del panel. Puede conllevar a un administrador a abrir la publicación afectada en el editor conllevando a un ataque de tipo XSS. • https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v https://hackerone.com/reports/731301 https://seclists.org/bugtraq/2020/Jan/8 https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release https://wpvulndb.com/vulnerabilities/9976 https://www.debian.org/security/2020/dsa-4599 https://www.debian.org/security/2020/dsa-4677 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •